2019 - Call for Papers

Over the past decades, a multitude of security and privacy enhancing technologies has been developed and brought to considerable maturity. However, the design and engineering of such technologies often ignores the organizational context that respective technologies are to be applied in. A large and hierarchical organization, for example, calls for significantly different security and privacy practices and respective technologies than an agile, small startup. Similarly, whenever employees’ behavior plays a significant role for the ultimate level of security and privacy provided, their individual interests and incentives as well as typical behavioral patterns must be taken into account and materialized in concrete technical solutions and practices. Even though research on security- and privacy-related technologies increasingly takes into account questions of practical applicability in realistic scenarios, respective approaches are typically still rooted in the technical domain alone, motivated by technical givens and constraints from the practice.

On the other hand, a substantial body of organization-related security and privacy research already exists, incorporating aspects like decision and governance structures, individual interests and incentives of employees, organizational roles and procedures, organizational as well as national culture, or business models and organizational goals. Nonetheless, these research activities are only seldomly translated into concrete technical mechanisms, frameworks, and systems.

This disconnection between rather technical and rather organization-related security and privacy research leaves substantial room for improving the fit between concrete technologies on the one and organizational practices on the other hand. Achieving a better fit between these two sides through security and privacy technologies that soundly incorporate organizational and behavioral theories and practices promises substantial benefits for organizations and data subjects, engineers, policy makers, and society as a whole.

The aim of this workshop is therefore to discuss, exchange, and develop ideas and questions regarding the design and engineering of technical security and privacy mechanisms with particular reference to organizational contexts. We invite papers from researchers and practitioners working in security- and privacy-related systems engineering as well as in the field of organizational science to submit their original papers to this workshop. Topics of interest include, but are not limited to:

We particularly welcome papers explicitly translating findings and insights from organizational and behavioral theory into the concrete design and engineering of technical security and privacy mechanisms as well as papers evaluating, assessing, or scrutinizing existing security and privacy technologies against actual organizational and behavioral theories and/or givens from the practice. Papers without relation to concrete technologies are, however, not excluded in general.

Types of Papers

Besides regular (max. 16 pages) and short (max. 8 pages) papers, we also invite practical demonstrations, intermediate reports, and mini-tutorials on respective technologies currently under development. Such contributions should be consciously tailored to inspire more in-depth discussions. Submissions falling under this category should describe the proposed contribution to the workshop in no more than 4 pages and be explicitly marked as such during the submission process.

Accepted papers will be published in a joint LNCS proceedings together with two other ESORICS workshops. Additional publication opportunities for extended papers in a special issue of an Open Access Journal are discussed.

Authors of accepted papers must guarantee that their papers will be presented at the workshop. At least one author must register.

Submissions

Submissions must be done via EasyChair at https://easychair.org/conferences/?conf=spose2019 (see also https://easychair.org/cfp/SPOSE2019). Submissions must be formatted according to the LNCS-Template.

Important dates (might be subject to change, depending on publication constraints)